Topic: EvilZone makes Fortinet News

chris_kzn
EvilZone makes Fortinet News
« on: December 08, 2015, 08:42:47 pm »

0E 800
Re: EvilZone makes Fortinet News
« Reply #1 on: December 08, 2015, 09:34:24 pm »
More specifically:


Who is behind Encryptor RaaS?

The TOR- and Bitcoin-based operation of Encryptor RaaS makes it hard to track the author behind this ransomware. On top of that, the author uses the dark web mail service SIGAINT to talk to clients.

We found that a thread was created in the forum evilzone.org regarding our previous Encryptor RaaS post. A user with the handle jeiphoos has replied to the thread and identified himself as the author of Encryptor RaaS. One of his replies to the thread suggests that he has been or is around many German-speaking people:

Figure 7. Forum post of jeiphoos on evilzone.org

Additionally, his forum profile shows that his local timezone is Central European Time, which is Germany's timezone. Therefore, it is possible that the author is located in Germany or in one of the countries under the CET timezone.

KOR
Re: EvilZone makes Fortinet News
« Reply #2 on: December 12, 2015, 08:20:47 pm »
Well, this is interesting. RaaS as a new platform for affiliates? That's the last time I click a link that says I've been referred by a friend.

iTpHo3NiX
Re: EvilZone makes Fortinet News
« Reply #3 on: December 12, 2015, 08:46:48 pm »
I love how queery is in the screenshot xD

jeiphoos
Re: EvilZone makes Fortinet News
« Reply #4 on: December 20, 2015, 03:40:03 am »
Quote
Hello Roland,

First, my RaaS isn't written in Java. The references to
"libgcj.dll"/"libgcj-12.dll" are even included when Java support isn't
compiled into MingW GCC.

Second, the filenames 'wallet.dat' and 'electrum.dat' aren't exempted from
the encryption. What it's actually doing is homework for you.

Third, CET is the default timezone on the evilzone.org board. I just
didn't feel like changing it, so I left it at its default value.

Fourth, as it seems, that you weren't able to find out which encryption
algorithm I'm using, it's RC6.


Kind regards,
jeiphoos

PS:
Can you ask someone at Microsoft, why they've called my RaaS "Sarento"?




That's what I wrote him; he hasn't answered it so far.
Apparently he hates to be reminded of his mistakes.

PS:
CET was at least shown to me as the default timezone.